Is Compliance Preventing the Cloud From Reaching Its True Potential?

86% of businesses admit issues around data protection, legislation, and regulation are responsible for their slow adoption of cloud computing.

Innovation has become a board-level priority for all forward-thinking businesses over recent years, and IT security certainly has a central role to play. You might think that businesses operating in crowded markets and uncertain economic times would stick with the security practices they know and trust. But that line of old-fashioned thinking carries its own risks.

Security is now an essential component of true business innovation. Business leaders understandably fear being left behind and unable to take advantage of new technology platforms such as the cloud, while rivals develop and create fresh market opportunities. Ambitious businesses must not be dissuaded from experimenting with new technologies due to fears of lack of control over data protection and compliance. Indeed, they must embrace security as integral to the innovation discussion and not an obstruction, if they are to thrive and stay ahead of their competitors.

The fact that many businesses are faced with a constantly evolving and disruptive landscape impairs decisions over whether to adopt innovative technology models. Consciously or otherwise, prior experiences of data security challenges inevitably influence business decisions over how to reengineer or grow an enterprise to be more competitive. However all industries benefit from the free flow of data, and this is just one area in which innovative security practices and processes can really help businesses to retain and expand their client bases in new and exciting ways.

The most enticing avenue for business and technology innovation in recent times is certainly the question of cloud adoption. Despite early-adopter concerns over relinquishing control of data protection, these fears have proved unfounded. The cloud has typically transformed the ways in which businesses collaborate and deliver services to customers across the world. It continues to reduce the crippling overheads of infrastructure, increase flexibility, improve agility, and lower operating costs.

It does, however, seem that compliance is preventing the cloud from reaching its true potential, creating headaches for many IT professionals waiting to make their move. Objectively, it feels to them that, while the cloud wants to propel a business forward, compliance seeks to restrain it. Indeed a recent research report commissioned by NTT Com Security found that 86 percent still admit issues around data protection, legislation, and regulation are responsible for their slow adoption of cloud computing. So how should businesses overcome these hurdles and embrace innovation?

Increasingly complex data laws certainly do not help organizations striving to become more agile, efficient, and competitive using the cloud. Ultimately, data protection remains the responsibility of the business owner regardless of location, and not a third-party cloud provider. Yes, compliance often improves business and corporate governance, as well as providing direction for risk management. It also helps businesses to understand what the risks are and what processes and measures are in place to protect themselves. But those businesses also need to look further forward and work more flexibly with businesses and governments in this age of the cloud.

It is more important than ever for IT departments to invest in, develop, and enforce the most relevant skills and competencies for cloud adoption. A lack of understanding is putting individuals off from specializing in the cloud, despite its exponential growth. Businesses must understand the cloud better -- and the same applies for cloud providers that need to embed security into their services. Ensuring good security is a fundamental requirement of giving organizations the confidence and ability to adopt cloud services. It's time for businesses to go back to basics and stop trying to apply risk controls and regulations to a cloud business model that they don't truly understand. The priority must be to learn new skills first and, only once armed with the right knowledge, explore innovative technologies confident that this will improve business operations while also providing controls to manage risk.

What is clear is that in accordance with the law, the rise in adoption of cloud services and the increase in both security and compliance skills go hand-in-hand. Sound knowledge of security and risk management should be at the top of every organization’s cloud skills wish list. Perhaps innovation and compliance haven’t traditionally gone together, but, with the right methodical approach, they can help businesses to work without constraints, adopt the benefits of the cloud, and also protect their critical assets without the threat of hefty compliance fines.

Michael Gabriel is Director of Data Protection Practice at NTT Com Security. Michael Gabriel is an industry recognized expert in the field of data protection. In his role as a trusted security advisor with a global security consulting firm, Michael provides security ... View Full Bio

While the cloud is associated with innovation in business, compliance must protect customer data and often that means it must reside on the company's premises or within its corporate data center. 86% of IT respondents saying that compliance stands in the way of innovation is not surprising given the number of regulations impacting financial services firms and precautions being taken to prevent cybersecurity attacks. Even if security is in place, old ideas still prevail.

Thank you Michael, I think most will agree security solutions must adapt and be flexible and innovative, cloud solutions are also economical from what I understand. Old habits die hard, and red tape as well as fear can really inhibit innovation in this area. Still, 86% is a disturbingly high statistic! How many more years can they continue to look on and not make use of cloud advancements? What innovations are they waiting for? I'm curious what the other 14% had to say.

It's often said that newer companies are more cloud-based because they saw the benefit of building from scratch and could insert the appropriate safeguards from the start. Perhaps there's a lot of risk in making the switch..

In the financial services space, compliance definitely impedes innovation at many levels -- and cloud computing is likely a victim too.

New technologies and technology providers must pass the compliance test before the tools can even be considered by the users. While it is important to make sure all technologies and technology providers will be OK with regulators, innovation can suffer? Compliance experts are tasked with protecting the bank, not evaluating technology for its potential. Unfortunately, the compliance machine at many firms as grown so large (for fear of fines or lawsuits) that innovation gets pushed to the side.